On 19.05.24 at 04:02, Peter via dovecot wrote:
Check the permissions of the entire path, as dovecot:
namei -l /var/log/dovecot/error.log
It might be SELinux, check your audit.log file, or set SELinux to permissive mode and see if it works:
setenforce 0
This can't be the case, there is no SELinux present by default in Debian and it was never installed on that server. For completeness, here's the output:
namei -l /var/log/dovecot/error.log
f: /var/log/dovecot/error.log
drwxr-xr-x root    root    /
drwxr-xr-x root    root    var
drwxr-xr-x root    root    log
drw-rw-r-- dovecot dovecot dovecot
-rw-r--r-- dovecot dovecot error.log
It might also be AppArmor (sorry, don't have instructions for AppArmor).
The message basically means that something is preventing the dovecot user from writing to the file, you need to figure out what that is.
Peter
I can say that this isn't possible, as any AppArmor actions would be logged, so they would have shown up. And by the file sizes, Dovecot is clearly writing to them.
-rw-r--r-- 1 dovecot dovecot   0 13. Mai 20:50 debug.log
-rw-r--r-- 1 dovecot dovecot 37K 14. Mai 14:05 error.log
-rw-r--r-- 1 dovecot dovecot 40K 13. Mai 21:20 info.log
So there's pretty much no possibility AppArmor could have any involvement here. Also, usually when AppArmor prevents access to a directory, you'd get a "file not found" error, not a permission denied.
For the very unlikely case that AppArmor is the cause, these are the only rules present for dovecot:
Dovecot has two files. In tunables you can find this:
# @{DOVECOT_MAILSTORE} is a space-separated list of all directories
# where dovecot is allowed to store and read mails
#
# The default value is quite broad to avoid breaking existing setups.
# Please change @{DOVECOT_MAILSTORE} to (only) contain the directory
# you use, and remove everything else.
@{DOVECOT_MAILSTORE}=@{HOME}/Maildir/ @{HOME}/mail/ @{HOME}/Mail/ /var/vmail/ /var/mail/ /var/spool/mail
Which doesn't seem to be relevant for this. No idea how dovecot can put the mail into /maildirs/username, but since that's working I'm not complaining. The file in abstractions only contains this:
# used with dovecot/*
   abi <abi/3.0>,
   capability setgid,
   deny capability block_suspend,
   # dovecot's master can send us signals
   signal receive peer=dovecot,
   owner @{run}/dovecot/config rw,
   # Include additions to the abstraction
   include if exists <abstractions/dovecot-common.d>
Richard
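
The path check suggested in this thread ("check the permissions of the entire path, as dovecot") can be automated. The following is an added example, not part of the original messages or of Dovecot: it parses the `namei -l` output posted above and reports every component the given user cannot traverse or write. The function names are hypothetical, and only classic mode bits are evaluated (no ACLs, no AppArmor/SELinux, no capabilities such as CAP_DAC_OVERRIDE).

```python
# Added example: evaluate `namei -l` output for one unprivileged user.

# Output as posted in the message above.
NAMEI_OUTPUT = """\
f: /var/log/dovecot/error.log
drwxr-xr-x root    root    /
drwxr-xr-x root    root    var
drwxr-xr-x root    root    log
drw-rw-r-- dovecot dovecot dovecot
-rw-r--r-- dovecot dovecot error.log
"""


def applicable_bits(mode, owner, group, user, groups):
    """Return the rwx triplet that applies to `user`: owner, else group, else other."""
    if user == owner:
        return mode[1:4]
    if group in groups:
        return mode[4:7]
    return mode[7:10]


def blocked_components(namei_output, user, groups):
    """Return (name, mode, reason) for each component that denies `user`.

    A directory needs the search (x) bit to be traversed; the final
    regular file needs the write (w) bit to be appended to.
    """
    problems = []
    for line in namei_output.splitlines():
        parts = line.split(None, 3)
        if len(parts) != 4:          # skips the "f: <path>" header line
            continue
        mode, owner, group, name = parts
        bits = applicable_bits(mode, owner, group, user, groups)
        # 's' and 't' mean x plus setuid/setgid/sticky; 'S' and 'T' mean no x.
        if mode[0] == "d" and bits[2] not in "xst":
            problems.append((name, mode, "no search (x) permission"))
        elif mode[0] == "-" and bits[1] != "w":
            problems.append((name, mode, "no write (w) permission"))
    return problems


if __name__ == "__main__":
    for name, mode, reason in blocked_components(NAMEI_OUTPUT, "dovecot", {"dovecot"}):
        print(f"{name}: {mode} -> {reason}")
```

A process holding CAP_DAC_OVERRIDE (typically one running as root) is not bound by these bits, so files under a flagged directory can still grow while a process running as the unprivileged user gets "permission denied".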